Cite v2 execution-semantics contract in operator run diagnostics

durable-workflow-ops · durable-workflow-ops · commit 7ec5aaeb3ee8 · 2026-04-24T00:40:05.000Z
Extend Waterline RunDiagnostics with a guidance field that describes
each diagnostic in the vocabulary frozen by the workflow v2
execution-guarantees and idempotency contract. Activity retries are
described as at-least-once with activity_execution_id as the
recommended idempotency key; workflow-task failures are described as
deterministic replay, not duplicate application execution; history
budget and continue-as-new guidance names workflow_run_id and
workflow_instance_id; and condition-wait guidance names signal,
update, timer, and cancel as the durable resume sources.

Surface the guidance line in the run-detail diagnostics banner so
operators see the contract framing next to every diagnostic. Pin the
alignment with a new unit test that asserts every GUIDANCE entry
carries the required semantics terms, and extend the existing feature
test to assert the guidance field is present on every emitted
diagnostic.
diff --git a/app/Support/RunDiagnostics.php b/app/Support/RunDiagnostics.php
@@ -17,6 +17,45 @@ class RunDiagnostics
 
     private const HISTORY_BUDGET_WARNING_RATIO = 0.8;
 
+    /**
+     * Operator-facing guidance strings aligned with the v2 execution-semantics
+     * contract frozen in workflow@docs/architecture/execution-guarantees.md.
+     * Each string names the semantics (at-least-once, deterministic replay,
+     * exactly-once at the durable state layer) and, where applicable, the
+     * framework idempotency surface an operator should reason about when the
+     * diagnostic fires. The matching codes are pinned by
+     * tests/Unit/Support/V2DiagnosticsExecutionContractAlignmentTest.php;
+     * changes here must update that test in the same change.
+     */
+    public const GUIDANCE = [
+        'activity_repeated_failure' =>
+            'Activity attempts are at-least-once. Every retry shares the same '
+            . 'activity_execution_id, which is the recommended idempotency key '
+            . 'for external calls and conditional database writes.',
+        'activity_heartbeat_timeout_not_effective' =>
+            'Heartbeats renew the activity attempt lease. When heartbeat_timeout '
+            . 'is greater than or equal to start_to_close_timeout the start-to-close '
+            . 'timeout closes the attempt first and the heartbeat timeout never '
+            . 'fires — redelivery will not kick in on a stalled worker.',
+        'activity_unbounded_retry_policy' =>
+            'Activity attempts are at-least-once. Without a max_attempts ceiling, '
+            . 'only a non-retryable error or a timeout ends the retry loop, so '
+            . 'the activity_execution_id can keep producing new attempts.',
+        'workflow_task_repeated_failure' =>
+            'Workflow tasks are replayed deterministically, not retried against '
+            . 'application logic. Repeated workflow-task failures indicate host '
+            . 'or deps issues, not duplicate application execution; replay does '
+            . 'not re-invoke activity side effects.',
+        'history_budget_near_limit' =>
+            'Durable history rows are the exactly-once record for this run. '
+            . 'Continue-as-new starts a new workflow_run_id under the same '
+            . 'workflow_instance_id rather than truncating history in place.',
+        'condition_wait_stuck' =>
+            'Condition waits block the run on a durable resume source. Until a '
+            . 'signal, update, timer, or cancel fires on the named target, the '
+            . 'wait stays open — there is no automatic abandonment.',
+    ];
+
     /**
      * @param array<string, mixed> $detail
      * @return list<array<string, mixed>>
@@ -624,6 +663,7 @@ private function diagnostic(
             'docs_url' => $docsUrl,
             'evidence' => $evidence,
             'evidence_summary' => $evidenceSummary,
+            'guidance' => self::GUIDANCE[$code] ?? null,
         ];
     }
 
diff --git a/resources/js/screens/flows/flow.vue b/resources/js/screens/flows/flow.vue
@@ -556,6 +556,12 @@
                         <strong>{{ diagnostic.title }}</strong>
                     </div>
                     <div class="mt-1">{{ diagnostic.summary }}</div>
+                    <div
+                        class="small text-muted mt-1 font-italic"
+                        v-if="hasDetailValue(diagnostic.guidance)"
+                    >
+                        {{ diagnostic.guidance }}
+                    </div>
                     <div class="small mt-1" v-if="diagnosticEvidenceRows(diagnostic).length">
                         {{ diagnosticEvidenceRows(diagnostic).join(' | ') }}
                     </div>
diff --git a/tests/Feature/V2DashboardWorkflowTest.php b/tests/Feature/V2DashboardWorkflowTest.php
@@ -525,6 +525,25 @@ public function testShowIncludesRunDiagnosticsForCommonOperatorProblems(): void
             'SLA / 300s',
             $diagnostics->firstWhere('code', 'condition_wait_stuck')['evidence_summary'],
         );
+
+        foreach ($diagnostics as $diagnostic) {
+            $this->assertArrayHasKey(
+                'guidance',
+                $diagnostic,
+                sprintf('Run diagnostic %s must expose operator guidance aligned with the v2 execution-semantics contract.', $diagnostic['code']),
+            );
+            $this->assertIsString($diagnostic['guidance']);
+            $this->assertNotSame('', $diagnostic['guidance']);
+        }
+
+        $this->assertStringContainsString(
+            'at-least-once',
+            $diagnostics->firstWhere('code', 'activity_repeated_failure')['guidance'],
+        );
+        $this->assertStringContainsString(
+            'activity_execution_id',
+            $diagnostics->firstWhere('code', 'activity_repeated_failure')['guidance'],
+        );
     }
 
     public function testShowExposesDeclaredEntryMethodContractForCanonicalAndCompatibilityRuns(): void
diff --git a/tests/Unit/Support/V2DiagnosticsExecutionContractAlignmentTest.php b/tests/Unit/Support/V2DiagnosticsExecutionContractAlignmentTest.php
@@ -0,0 +1,171 @@
+<?php
+
+namespace Waterline\Tests\Unit\Support;
+
+use PHPUnit\Framework\TestCase;
+use Waterline\Support\RunDiagnostics;
+
+/**
+ * Pins Waterline operator-facing run diagnostics to the v2 execution-semantics
+ * and idempotency contract frozen in the workflow package at
+ * docs/architecture/execution-guarantees.md.
+ *
+ * The contract is the single reference for duplicate-execution, retry, lease
+ * expiry, and redelivery semantics across product docs, CLI reasoning,
+ * Waterline diagnostics, and test coverage. When the contract renames or
+ * narrows a guarantee, the {@see RunDiagnostics::GUIDANCE} strings and this
+ * pinning test must be updated in the same change so operator vocabulary does
+ * not drift away from the contract silently.
+ *
+ * Required reading before changing this test:
+ * - workflow package: docs/architecture/execution-guarantees.md
+ * - workflow package: tests/Unit/V2/ExecutionGuaranteesDocumentationTest.php
+ */
+final class V2DiagnosticsExecutionContractAlignmentTest extends TestCase
+{
+    /**
+     * Every diagnostic code Waterline's RunDiagnostics can emit must carry
+     * contract-aligned operator guidance. Adding a new diagnostic that has no
+     * guidance string is a pinning failure; either add guidance or explicitly
+     * map the code to null in {@see RunDiagnostics::GUIDANCE} if the
+     * diagnostic is not a semantics teaching moment.
+     */
+    public function testEveryKnownDiagnosticCodeHasGuidance(): void
+    {
+        $expected = [
+            'activity_repeated_failure',
+            'activity_heartbeat_timeout_not_effective',
+            'activity_unbounded_retry_policy',
+            'workflow_task_repeated_failure',
+            'history_budget_near_limit',
+            'condition_wait_stuck',
+        ];
+
+        foreach ($expected as $code) {
+            $this->assertArrayHasKey(
+                $code,
+                RunDiagnostics::GUIDANCE,
+                sprintf('RunDiagnostics::GUIDANCE is missing contract guidance for code %s.', $code),
+            );
+            $this->assertNotEmpty(
+                RunDiagnostics::GUIDANCE[$code],
+                sprintf('Contract guidance for %s must be a non-empty string.', $code),
+            );
+        }
+    }
+
+    /**
+     * Duplicate execution is a first-class distributed reality in the v2
+     * contract, not a bug condition. Activity-retry guidance must describe
+     * retries as at-least-once and direct the operator to the
+     * activity_execution_id idempotency surface, which is the default
+     * framework-provided idempotency key that stays stable across retries.
+     */
+    public function testActivityRetryGuidanceCitesAtLeastOnceAndExecutionIdSurface(): void
+    {
+        $guidance = RunDiagnostics::GUIDANCE['activity_repeated_failure'];
+
+        $this->assertStringContainsString('at-least-once', $guidance);
+        $this->assertStringContainsString('activity_execution_id', $guidance);
+        $this->assertStringContainsString('idempotency', $guidance);
+    }
+
+    /**
+     * The heartbeat-timeout diagnostic must explain that heartbeats renew the
+     * activity attempt lease, and that a start_to_close timeout that fires
+     * first prevents lease expiry from triggering redelivery. The contract
+     * language for this surface is "lease" plus the concrete timeout fields.
+     */
+    public function testHeartbeatTimeoutGuidanceCitesLeaseAndTimeoutFields(): void
+    {
+        $guidance = RunDiagnostics::GUIDANCE['activity_heartbeat_timeout_not_effective'];
+
+        $this->assertStringContainsString('Heartbeat', $guidance);
+        $this->assertStringContainsString('lease', $guidance);
+        $this->assertStringContainsString('start_to_close_timeout', $guidance);
+        $this->assertStringContainsString('heartbeat_timeout', $guidance);
+    }
+
+    /**
+     * Unbounded retry policies keep producing new attempts for the same
+     * activity_execution_id. Contract guidance names at-least-once and the
+     * execution-id surface so operators can reason about the dedupe key the
+     * retries share.
+     */
+    public function testUnboundedRetryGuidanceCitesAtLeastOnceAndExecutionIdSurface(): void
+    {
+        $guidance = RunDiagnostics::GUIDANCE['activity_unbounded_retry_policy'];
+
+        $this->assertStringContainsString('at-least-once', $guidance);
+        $this->assertStringContainsString('activity_execution_id', $guidance);
+        $this->assertStringContainsString('max_attempts', $guidance);
+    }
+
+    /**
+     * Workflow-task failures are never duplicate application execution — the
+     * workflow body is replayed deterministically. Contract guidance must
+     * separate workflow-task replay from activity at-least-once so operators
+     * stop reading repeated workflow-task failures as duplicate side effects.
+     */
+    public function testWorkflowTaskGuidanceCitesDeterministicReplay(): void
+    {
+        $guidance = RunDiagnostics::GUIDANCE['workflow_task_repeated_failure'];
+
+        $this->assertStringContainsString('replay', $guidance);
+        $this->assertStringContainsString('deterministic', $guidance);
+        $this->assertStringContainsString('side effect', $guidance);
+    }
+
+    /**
+     * The history budget diagnostic must point operators at continue-as-new
+     * as a new-run primitive, not at history truncation. The contract is
+     * explicit that the durable history rows are exactly-once at the durable
+     * state layer.
+     */
+    public function testHistoryBudgetGuidanceCitesContinueAsNewAndDurableHistory(): void
+    {
+        $guidance = RunDiagnostics::GUIDANCE['history_budget_near_limit'];
+
+        $this->assertStringContainsString('Continue-as-new', $guidance);
+        $this->assertStringContainsString('workflow_run_id', $guidance);
+        $this->assertStringContainsString('workflow_instance_id', $guidance);
+        $this->assertStringContainsString('exactly-once', $guidance);
+    }
+
+    /**
+     * Condition waits block the run on a durable resume source. Contract
+     * guidance names the resume sources an operator should look for so the
+     * "stuck" state reads as a missing signal/update/timer rather than a
+     * framework bug.
+     */
+    public function testConditionWaitGuidanceCitesResumeSources(): void
+    {
+        $guidance = RunDiagnostics::GUIDANCE['condition_wait_stuck'];
+
+        $this->assertStringContainsString('durable', $guidance);
+        $this->assertStringContainsString('signal', $guidance);
+        $this->assertStringContainsString('update', $guidance);
+    }
+
+    /**
+     * Guidance strings are reviewed as part of the contract. Every guidance
+     * entry must stay short (single paragraph) so it fits next to the
+     * diagnostic in operator tooling.
+     */
+    public function testGuidanceStringsAreConciseSingleParagraphs(): void
+    {
+        foreach (RunDiagnostics::GUIDANCE as $code => $guidance) {
+            $this->assertIsString($guidance, sprintf('Guidance for %s must be a string.', $code));
+            $this->assertLessThanOrEqual(
+                400,
+                strlen($guidance),
+                sprintf('Guidance for %s is longer than 400 characters; keep it concise.', $code),
+            );
+            $this->assertStringNotContainsString(
+                "\n\n",
+                $guidance,
+                sprintf('Guidance for %s must be a single paragraph with no blank lines.', $code),
+            );
+        }
+    }
+}
